Army CIO/G6, Cybersecurity Directorate Training and Certification Newsletter 1 September 2012

U N I T E D

S T AT E S

A RMY

A R MY S T R O N G

Inside this issue:

ANNUAL MAINTENANCE FEE COMPTIA CPE ENROLLMENT QUESTIONS AND ANSWERS EXAM CHANGES FOR CISSP AND GIAC NEW FEDVTE (VIRTUAL TRAINING ENVIRONMENT) INFORMATION ASSURANCE SCHOLARSHIP PROGRAM SOUNDING OFF EXAM VOUCHER AVAILABILITY REQUESTING A 2ND VOUCHER NATIONAL INITIATIVE CYBERSECURITY EDUCATION

Points of Contact: E-mail: Group ciog-6.netcomiawip.inbox@mail.mil Phyllis.e.bailey2.civ@mail.mil Doris.m.wright2.ctr@mail.mil Ronald.m.wallace.ctr@mail.mil

Army CIO/G6, Cybersecurity Directorate Training and Certification Newsletter 1 September 2012

THE DEADLINE IS APPROACHING ENROLL IN THE COMPTIA CONTINUING EDUCATION BY 30 September 2012 QUESTIONS FORM THE IA COMMUNITY
1. Question: What happens if I do not enroll by 30 September 2012 even though DoD gave us until 31 Dec 2012 to enroll? Answer: The 30 Sep 2012 date is mandated for Army personnel. If you wait until the last minute (31 Dec 2012) and do not get into the system to enroll then you will need to retake the exam. 2. Question: Will I be able to enroll on 1 Jan 2013? Answer: No, The CompTIA portal for continuing education enrollment will not be available on 1 Jan 2013. 3. Question: I have a higher DoD baseline and I obtained my CompTIA certification after 1 Jan 2011, do I have to enroll in the Continuing Education (CE) program, pay my annual dues and complete any Continuing Professional credits (CPEs)? Answer: Individuals who completed the certification exam after 1 Jan 2011 are automatically enrolled in the CE program and must pay the annual dues and complete required CPEs. CPEs completed for the higher certification may count toward your CompTIA certification. *Do not upload all CPEs before the end of your 3 year period if you do not want your next three to start early.

4. Question: I have higher DoD baseline certification and I obtained my CompTIA certification prior to 1 Jan 2011, do I have to enroll, complete the Continuing Education credits (CPEs) and pay the annual dues? Answer: No, but you must keep your higher certification current by complet Ing your CPEs and paying youre annual dues. 5. Question: If I obtained my cert prior to 1 Jan 2011 and paid all of my annual fees and uploaded my CPEs be Fore the 3 year period, will I be able to receive more tokens for the upcoming years (i.e. 2014 or 2015 )from Army CIO/G6? Answer: Yes. You will need to go through the same process of obtaining a token by filling out the voucher/amf form located on the ATCTS homepage Under documents. Make sure the form is sent to your ATCTS manager . 6. Question: I have a certified for life CompTia certification, what happens if I enroll in the continuing education program, pay all my annual fees for the next 3 years and upload all required CPEs within the first of second year of my 3 year requirement? Answer: A. Your next 3 year period starts the date that CompTIA approves all of your CPE credits. B. You will have the CE designator and receive Security+ CE or A+ CE or Network+ CE certificate from CompTia or it will be annotated in your CompTIA account.

7. Question: I received my certification on 1 Jan 2011 or after, what happens if I pay all 3 years annual dues, upload all required CPEs before the end of my 3 year period? Answer: A. Individuals that received a CompTIA certification after 1 Jan 2011 is automatically enrolled in the Continuing Education program. B. Individuals that received a CompTIA certification after 1 Jan 2011 automatically have a 3 year expiration date. C. The new 3 year period will not start until the end of the expiration date no matter if you upload all required CPEs, pay all 3 years of the annual fees within the first year or two. 8. Question: Can I use certifications such as CCNA for CPE credits? Answer: Yes, but it depends on the type of certification. Please check the CompTIA website for more information.

Army CIO/G6, Cybersecurity Directorate Training and Certification Newsletter 1 September 2012

Continuing Education questions continue

9. Question: Why doesnt my enrollment show up in my ATCTS profile?

Answer: Each person must enroll in the continuing education program in their CompTIA account at http:// certification.comptia.org/manageCEUs.aspx. Once enrolled sign the ethics form then go to the DoD DMDC site at https://www.dmdc.osd.mil/appj/dwc/index.jsp and release your certification or click on release additional certification if you already released it once. 10. Question: When does the 3 year period begin for meeting all requirements for my CompTIA certification? Answer: The 3 years begin the date you enroll in the continuing education program. If you took the exam after 1 Jan 2011 , the 3 years begin the date you passed the exam.

National Initiative for Cybersecurity Education (NICE)

The National Initiative for Cybersecurity Education (NICE) published version 1.0 of the National Cybersecurity Workforce Framework (the Framework) to provide a common understanding of and lexicon for cybersecurity work. Defining the cybersecurity population consistently, using standardized terms is an essential step in ensuring that our country is able to educate, recruit, train, develop, and retain a highly-qualified workforce. The NICE framework is located at: http://csrc.nist.gov/nice/framework/. The next version of the NICE framework is in draft by the council which consist of members from National Cybersecurity Awareness Lead: Department of Homeland Security, Formal Cybersecurity Education Co-Lead Department of Education (DoED) and National Science Foundation (NSF), Cybersecurity Workforce Structure Lead: DHS supported by the Office of Program Management (OPM), and the Cybersecurity Workforce Training and Professional Development Tri-Leads: Department of Defense, Office of the Director of National Intelligence and DHS. OPM is working to create sub specialties for the Cyber workforce. The National Security Agency has adopted the titles in the Committee of National Security Standards issuances.

Releasing your certification

All personnel that are part of the IA workforce (military, DA civilians and contractors) must release their certification/s through DMDC at URL: https://www.dmdc.osd.mil/appj/dwc/. This is mandated by DoD 8570.01-M. Releasing your certification through this system enables Army to pull your certification status from an authoritative source. This also decreases the man-hours that managers have to manually verify certification
3

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

New Training modules on the Virtual Training website (https:// iatraning.us.army.mil 1. Assured Compliance Assessment Solution. Training is located on the new FedVTE site as well 2. DoD Smartphones and Tablets

Certification under DoD review

DoD CyberAwareness Challenge Training for FY 13

The next DoD Cyber Awareness Training (AKA DoD IA Awareness training) will be presented as a small gaming environment. The user will challenge the adversary through the 12 courses to earn points. The one who wins will receive the trophy. DoDs intent is to have the training to last no longer than one hour and to provide the user a 3D like environment within each challenge. The training is scheduled to be released around 1 October 2012. All Army users with network access will continue to take the training on the Fort Gordon website.

CompTIA Advance Security Practitioner (CASP) for the IATIII and IAMII positions.

Changes to the Certified Information Systems Security Professional and GIAC certification exams

ISC2 Electronic Exams: ISC(2) (CISSP, CAP) paper based test exams end Aug 31 2012 and will no longer be available. Computer Based Tests for all ISC(2) exams will be available via authorized PearsonVue testing centers.

The CISSP and GIAC exams can now be taken at any Pearson Vue testing center. You must schedule your exam at http:// www.pearsonvue.com/ military or to register at a non military base go to http:// www.pearsonvue.com/ comptia

GIAC exams that can be taken through Pearsonvue: GIAC exams: GCIH, GSLC, GSEC, GISF, GCIA, and GSNA.

CERTIFIED INFORMATION SECURITY MANAGER CLASSROOM COURSE The Army CIO/G6 Cybersecurity Directorate has partnered with the Fort Gordon School of Information Technology to host a CISM course at Fort Detrick, MD, 17-21 Sep 2012. The list of attendees are found on the ATCTS homepage under the NEWs tab. If you can not attend please send an email to doris.wright@us.army.mil. The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as developing and managing an information security program and incidents.

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

CARNEGIE MELLON VIRTUAL TRAINING ENVIRONMENT (VTE) MOVES TO FEDVTE OWNED AND OPERATED BY THE DEPARTMENT OF HOMELAND SECURITY All current Carnegie Mellon VTE (https://vte.cert.org) user course completion records was copied into FedVTE on August 24, 2012. Starting September 11, 2012, all personnel will access VTE training and labs using FedVTE. Any training and labs competed between August 24 and September 10, 2012 will not be reflected in FedVTE. Please make sure that you keep your completion certifications. The new FedVTE site: https://www.fedvte-fsi.gov/Vte.Lms.Web/ will be available on 10 Sep 2012. New Users, please do not try to register until 11 Sep 2012 on the FEDVTE site. All registered user accounts on the Carnegie Mellon VTE site will be imported into the FEDVTE site on 10 Sep 2012. They will be able to log on with their current userid and password on 11 Sep 2012. You will not need to create a new account on the FEDVTE site. All individuals can continue to access the current VTE site with their user name and userid until 10 Sep 2012. Your account will need to be approved by your VTE manager on the FEDVTE site. These managers are currently being inputted into the system. Until then all accounts will be approved at the Army CIO/G6 level. All Army Commands, Army Service Component Commands and Direct Reporting Units IAPMs shall submit a name and AKO/enterprise email address of the individual who will approve accounts for their organizations. All names need to be provided to ciog-6.netcomiawip.inbox@mail.mil NLT 9 Sep 2012. A quick guide is located on the ATCTS homepage (https://atc.us.army.mil) under the NEWs tab. The guide is called FedVTE quick guide.

CONTINUING EDUCATION CREDIT REQUIREMENTS FOR CERTIFICATION IAW CERTIFYING BODY

Security: 50 CPEs every 3 years $49.00 annually Network+: 30 CPEs every 3 years $49.00 annually A+: 20 CPEs every 3 years $25.00 annually CISM and CISA: http://www.isaca.org/Certification/Pages/ maintain.aspx At least 40 per year Total: 120 CPEs every 3 years $85.00 annually (non members) $40.00 annually (members) All GIAC: CPEs completed every 4 years: http://www.giac.org/ certifications/renewal $100.00 annually OR 499.00 every 4 years 5

ISC(2) CISSP and CAP CISSP: Total of 120 every 3 years At least 40 CPEs per year $85.00 annual dues CAP 60 CPEs every 3 years At least 10 CPES per year $65.00 annual dues

When entering CPE credits in your vendors account (ISACA, ISC(2), etc), the CPE credit/s must align to the certification objectives.

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

Certified Ethical Hacker vouchers available. Vouchers will expire 30 Sep 2012. Available to all military and DA civilians who completes training and voucher request

Army E-learning courses

The Network+ 2012 modules are added to the CIO/G6 folder. The Network+ 2009 CompTIA expired on 30 Aug 2012. All personnel requiring a Network+ voucher must complete the Network+ 2012 modules as of 1 Sep 2012.

REQUIREMENTS 1. Must have an account in ATCTS (https:// atc.us.army.mil) 2. Complete the Information Assurance Fundamental course located at https://ia.signal.army.mil 3. Complete the CEH modules in skillport located at https:// usarmy.skillport.com.

5. Be appointed on letter in a CND-SP position (letter must be in ATCTS profile). Since the vouchers are set to expire personnel in technical and management positions can request a voucher as well. 6. Fill out a Privilege Access Agreement (agreement must be in ATCTS profile).

Annual Federal Information System Management (FISMA) data

The IA Awareness training completions for FY 12 will be pulled from the Fort Gordon Database on 20 Sep 2012. The Specialized training and certification stats will be pulled from the Army Training and Certification Tracking System on 20 Sep 2012. This information will be provided to the FISMA team to provide to the Office of Management and Budget.

Annual Maintenance Fee TOKENS available

This office has the following tokens available for military and civilians only to pay their annual certification maintenance fees. CISM CAP (expires 30 Oct 2012) CISSP (expires 30 Dec 2012) Security+ A+ Network+ In order to receive a token to pay the AMF, the individual must fill out the voucher/amf request form located on the ATCTS homepage under docu ments. The form must be sent to the individuals ATCTS manger to upload into their ATCTS profile in the voucher request/pretest area. Individuals holding multiple CompTIA certifications (A+, Sec+ and Net+) will satisfy the AMF for the lower certifica -tions by paying the highest certification AMF. The CPEs will be satisfied as well when All are completed for the highest Certification. This office cannot reimburse payment for tokens or voucher purchased by the indi vidual. Tokens will be provided for the highest certification only. If you have multiple certifications such as CISSP and CISM, this office will make every attempt to satisfy your request if tokens are available.

YOU CAN RECEIVE A CAP TOKEN IF YOU HAVE A CAP CERTIFICATION AND ANOTHER HIGHER CERTIFICATION.

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

Upcoming Features in the Army Training and Certification Tracking System https://atc.us.army.mil -1st QTR 2013

Upcoming Events
FEDCTE (Operation Cyber Threat FY 2012 remaining schedule 1. 18 Sep 2012: Continuous Monitoring Network Management Location: Remote/Virtual World **submit the SF 182 located under document on the ATCTS homepage** Titled: FEDCTECM: Network Management to doris.wright@us.army.mil

1. Archiving older completed training when more than one has been completed . The profile will show the last two completed. 2. IAPM, IAM and DAA customized report 3. Refining the customized reporting feature

SOUNDING OFF

(https://atc.us.army.mil)

If you think its a good suggestion send responses to your IAM/IAPM. The IAM/ IAPM can consolidate and provide this office the overall response for your brigade or command. The following items are recommendations from various organizations. Please let us know your thoughts. Please send your comments to your IAM/IAPM. Send comments to ciog6.netcomiawip.inbox@mail .mil

1. Fort Leavenworth NEC-Marlene Davis: Remove the tracking of CPE credits in ATCTS since it is tracked on the Vendors' website 2. JBLM-Dale Tongue: Take away the ability for users to upload their IA Awareness training. 3. USASFC IAMRodney Shuler: Would like to see grouping of several saved reports with the same title, numerical order or alphabetical order.

4. USAAC: Angela Collard: Allow users and managers to upload certificates for training listed in the Army Minimum Required Training section. 5. USAAC: Angela Collard: Allow managers to set a renewal/ expiration criteria (Annual/Quarterly) for all training with the system providing user automatic notices as it does with the IA Awareness train-

6. MEDCOM-Frank Lohman: Need the ability to separate the contents of the field List of Completed Training and Certs in ATCTS into Four separate fields: 1. Professional Baseline Certification (DoD 8570.01); 2. Computer environment Certification; 3. Minimum Training Required; 4. Specialized Training; 5. Continuing Education Enrollment and date.

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

Exam Vouchers availability

The Army CIO/G6, Cyber security Directorate has the following vouchers available 1. 2. 3. 4. 5. CISSP Security+ Network+ A+ Certified Ethical Hacker 6. CISM: TBA 10 Sep 2012 ARE YOU CERTIFIED AND TRAINED: Newly appointed IA personnel/hires (civilians and military) have six months from date of appointment to become fully qualified.

Certification goal percentages: RED is not a good goal. The mandate is to have all IA workforce personnel certified (baseline and CE) within 6 months of Cybersecutiy/IA appointment. All personnel outside the 6 month window must already be certified. 0-50%: RED 51-90%: Amber 91-100%: Green

How many vouchers can I receive

Helpful Websites
Military and Civilians can ONLY receive two types of vouchers. Example if you are in an IAMIII position then you are eligible for a voucher at the IAMIII level and one at the IAMI level. The individual will be provided a second voucher if the exam is failed the first time. Exam vouchers are provided IAW the appointment letter only. Please see pages 9 and 10 for requirements for a second voucher. DoD published the Department of Defense Strategy for Operating in Cyberspace, July 2011. To view this document go to : http:// www.defense.gov/news/

https:// iatraining.us.army.mil -PII -PED -Safe Home Computing -Phishing *Complete the Army test and the CBT* https://ia.signal.army.mil -Information Assurance Fundamentals -DoD IA Awareness (complete steps 1 and 2) -Mobile Training Team schedule (POC Joey Gaspard at joey.gaspard@us.army. mil

INFORMATION ASSURANCE FUNDAMENTAL (IAF) TRAINING The 40 hour IAF training course located on the Fort Gordon website at https://ia.signal.army.mil counts as 40 CPE credits for the CISSP and Security+ certifications. The training will be annotated under Training-other IT industry in the individuals CompTIA account. The IA Fundamental course counts towards 16 CPE points for A+ certification and 24 CPE points for Network+ A detailed listing of skillport and DoD courses that counts as CompTIA CPE credits are located on the ATCTS home page under documents. Title: CompTIA CPE course listing 8

Please register with your AKO email address on the FEDVTE site.

https:// usarmy.skillport.com

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

Questions regarding contracts

Do you have contractors that perform IA support functions? Does their contract have the IA certification category and level requirements stated, per DoD 8570.01-M? The Performance of work (PWS) statement should state: The contractors must comply with DFAR 252.239.7001. Additionally you can add the DoD and Army requirements in the PWS as well. Is their contract number listed in their ATCTS profile? Is there a DD254 on file for all classified contracts or contracts that requires access to classified material?

**Managers please assist this office by asking these questions and taking the necessary actions to complete the requirements. If you need suggested words to include in the contract please review the DFARS clause located on the ATCTS homepage under documents**

Contractor Certifications DoD DFARS 48 CFR Parts 239 and 252 RIN 0750-AF52 DFARS Clause: 252.239.7001

Contractor personnel who do not have proper and current certifications shall be denied access to DoD Information Systems for the purpose of performing information assurance functions. Contractors must be hired with the required level of baseline certification as stated in their contract. The contractor has 6 months to obtain the rest of the qualification requirements unless it is stated in their contracts. (Computing Environment certification/certificate of training; Privilege Access Agreement; Duty appointment letter; background check; On-the-Job Training)

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

Questions regarding Civilian and Military personnel Is the IA certification category and level requirement stated in the position description and the HR hiring checklist as a condition of employment? Is the soldier or DA civilian made aware of the type of certification/s and/or certificate of training required for their position ? Does the command offer remedial training if testing is unsuccessful and ensures that the Army retraining requirements are adhered to? Does the supervisor mentor throughout the certification process? Does the supervisor counsel the individual as appropriate?

DoD 8570.01-M requires that all Department of the Army Civilians and Military personnel working IA functions obtain a baseline and computing environment certification/certificate of training within six months of their IA appointment date.

INFORMATION ASSURANCE SCHOLARSHIP PROGRAM

The Information Assurance Scholarship Program for Calendar Year 2013-2014 opens on 1 October 2012. Managers can begin looking for those highly motivated and talented Information Assurance Professionals that have the attitude, knowledge and skills to excel in the fields below. The CY 2012-2013 DoD IASP memorandum located on the Army Training and Certification Training System (ATCTS) under NEWs can be used as a baseline to complete your package for this year. An All Army message is in development and should be available for distribution NLT 1 October 2012. The deadline for submitting complete packages is 15 January 2013. The mailing address to send packages is: Army CIO/G6, ATTN: Doris M. Wright, 5850 23rd Street, Bldg 220, 2nd Floor, Fort Belvoir, VA 22060-5832. Colleges: Air Force Institute of Technology (AFIT): Is Full time and offers Master of Science degrees in Cyber Operations, Information Resources Management , Electrical Engineering, Computer Engineering and Computer Science and PhD in Computer Science. This program is opened to Civilian and military personnel of any grade

Information Resources Management College (NDU): Focuses on DoD civilian employees and military officers who wish to pursue a full-time or part-time masters degree or a full-time doctorate in an Cybersecurity discipline. Selectees will complete the first part of their degree through IRMC and then enter a Partner University to complete the remaining degree requirements. Open to civilians GS12 or above and active duty military 0-4 and above. Naval Postgraduate School (NPS): Applicants may apply for either the Master of Science or PhD in Computer Science. Enlisted service members may apply for the MS program only. Full-time residence only. Open to GS-9 or 10 higher; E-4 through E-9; W0-1 through W0-4 and 01 or higher (typical student is an 0-3).

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

RETRAINING REQUIREMENTS FOR A 2ND VOUCHER

RETRAINING for Security+ Voucher

1. Complete the Security+ Prep (SY0-301)on-line, instructor led training on the VTE site at https:// vte.cert.org until the FEDVTE site is available on 11 Sep 2012 2. Complete the appropriate assessment test. Go to http://dod.measureup.com from a computer that is connected to the internet and a printer. Achieve at least a 85% passing score. 3. Complete a voucher request form. Location ATCTS homepage under documents 4. Sent VTE results , Comptia pretest and voucher form to your ATCTS manager once completed and filled out correctly to upload in your ATCTS profile under voucher request/pretest results.

RETRAINING for Network+ Voucher

1. Complete the CompTIA Network+ Prep (2009) on-line instructor led training site at https:// vte.cert.org until the FEDVTE site is available. On 11 Sep 2012 The Network+ 2011 course is coming soon. Please register with your AKO email address

2. Complete the appropriate assessment test. Go to http://dod.measureup.com from a computer that is connected to the internet and a printer. Achieve at least a 85% passing score. 3. Complete a voucher request form. Location ATCTS homepage under documents 4. Send VTE results , Comptia pretest and voucher form to your ATCTS manager once completed and filled out correctly to upload in your ATCTS profile under voucher request/pretest results.

11

Army CIO/G6, Cybersecurity Directorate Training and Certification New sletter 1 Sep 2012

RETRAINING for A+ Voucher

1. Complete A+ on-line instructor led training on the VTE website at https://vte.cert.org until the FEDVTE site is available on 11 Sep 2012. 2. . Take the CompTIA A+ pre-assessment test and score at least 85%. (701 and 702) 3. Complete the appropriate assessment test. Go to http://dod.measureup.com from a computer that is connected to the internet and a printer. Achieve at least a 85% passing score. 4. Complete a voucher request form. Location ATCTS homepage under documents 5. Send VTE results , Comptia pretest and voucher form to your ATCTS manager once completed and filled out correctly to upload in your ATCTS profile under voucher request/pretest results. RETRAINING for CISSP Voucher

1. Complete the ISC(2) TM CISSP ( R )Prep Version 2 on-line instructor led training on the VTE website at https://vte.cert.org until the FEDVTE site is available on 11 Sep 2012. Please use your AKO email address when registering

2. Complete a voucher request form located on the ATCTS homepage under documents 3. Send VTE results and voucher request form to your ATCTS manager to upload in your ATCTS profile under the voucher request/pretest result area

RETRAINING for CISM Voucher

1. Complete the CISM on-line instructor led training on the VTE website at https://vte.cert.org until the FEDVTE site is available on 11 Sep 2012. Please use your AKO email address when registering

2. Complete a voucher request form located at https://atc.us.army.mil under compliance information

12